package com.it.config;

import com.it.filter.CaptchaFilter;
import com.it.filter.JWTAuthenticationFilter;
import com.it.service.impl.UserDetailsServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * 定义登录失败时的处理、白名单、请求授权规则、不创建session安全策略
 *
 * @author: Coke
 * @DateTime: 2023/11/19/15:15
 **/
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity (prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    
    @Autowired
    private LoginFailureHandler loginFailureHandler;
    
    @Autowired
    private CaptchaFilter captchaFilter;
    @Autowired
    JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
    @Autowired
    private LoginSuccessHandler loginSuccessHandler;
    
    @Autowired
    private UserDetailsServiceImpl userDetailsService;
    public static final String[] URL_WHITELIST = {
          "/webjars/**",
          "/favicon.ico",
          
          "/captcha",
          "/login",
          "/toLogin",
          "/logout",
    };

    @Bean
    @Override
    protected AuthenticationManager authenticationManager() throws Exception {
        return super.authenticationManager();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }
    
    @Bean
    BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }
    
    
    @Bean
    JWTAuthenticationFilter jwtAuthenticationFilter() throws Exception {
        JWTAuthenticationFilter jwtAuthenticationFilter = new JWTAuthenticationFilter(authenticationManager());
        return jwtAuthenticationFilter;
    }
    
    @Override
    // 配置HttpSecurity，定义安全策略
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable() // 启用跨域支持，禁用CSRF保护
              .formLogin()
              .failureHandler(loginFailureHandler) // 登录失败处理器
              .successHandler(loginSuccessHandler) // 登录成功处理器
              
              
              .and()
              .authorizeRequests()
              .antMatchers(URL_WHITELIST).permitAll() // 设置白名单，允许访问的URL
              .anyRequest().authenticated() // 其他所有请求需要身份验证
              
              .and()
              .sessionManagement()
              .sessionCreationPolicy(SessionCreationPolicy.STATELESS) // 不会创建session
      
      
              .and()
              .exceptionHandling()
              .authenticationEntryPoint(jwtAuthenticationEntryPoint)
              
              
              .and()
              .addFilter(jwtAuthenticationFilter())
              .addFilterBefore(captchaFilter, UsernamePasswordAuthenticationFilter.class); // 登录验证码校验过滤器

    }

}












